(70) Conditional Acess Insights and Reporting

The Conditional Access insights and reporting workbook enables you to understand the impact of Conditional Access policies in your organization over time. During sign-in, one or more Conditional Access policies may apply, granting access if certain grant controls are satisfied or denying access otherwise. Because multiple Conditional Access policies may be evaluated during each sign-in, the insights and reporting workbook lets you examine the impact of an individual policy or a subset of all policies.

This is helpful in my situation when I have to evaluate the environment for a customer or applying new policies with "Report-only"

Prerequisites:

• Have a Log Analytics workspace

• Users must have Azure AD Premium P1 or P2 licenses

• Users must have at least the Security Reader role assigned

• Users must have at least Log Analytics Contributor role assigned

Log Analytics Workspace:

1. Navigate to https://portal.azure.com

2. Search for Log Analytics Workspace

3. Select Create

4. Under Basics tab, select the following:

Subscription: Select the correct one if you have more than one.

Resource group: rg-monitoring-logs-001

Name: rg-monitoring-logs-001

Region: Australia Southeast

5. Next navigate to https://portal.azure.com then select Azure Active Directory.

6. Then under Monitoring, select Diagnostics settings

7. Select Add diagnostic setting, enter the following:

Diagnostic setting name: mrb-signing-logs

Tick the following categories.

Subscription: Select the appropriate if you have more than one.

Log Analytics workspace: Select the one that was recently created.

8. Next navigate to Conditional Access, then select Insights and reporting. Change the time range to 7 days to get or longer to get more data.